Changing DNS to cloudflare did not improve TTFB

I created a test website to check performance of Cloudflare DNS. Both websites are exact clones.

1 has DNS via cloudflare (all other services are disabled) while the other is using normal dns (domain via bigrock). (1st image is from cloudflare dns and second is from normal)

While DNS have improved significantly it doesnt result in any improvement in TTFB? TTFB is mostly same or even higher in some cases!

Does the TLS and CONNECT values also depend on dns?

Also for some locations such as India DNS itself take 45 ms but TTFB is 25 ms! How is that possible?

DNS and TTFB are two different things…

When a user visit any address in the browser it goes with below steps

  • Queue - Depends on browser how long it may take

  • Stalled - Again, it depends on browser. If you wish to avoid, best possible things you can do is avoid using any traditional CDN, prefer reverse proxy such as Cloudflare or Sucuri.

  • DNS - If not cached, the resolver will query DNS lookup. This takes anywhere between 10ms to 150ms. Depending on domain nameservers speed (I recommend Cloudflare for DNS). A popular website domain will resolve naturally Faster because its response is already cached. One thing, you can do is increase DNS TTL to automatic to more if possible.

  • TCP Connect - Depending on server region, it will vary. Usually, faster where your testing and your server exist. But if you want connect time faster, just use Cloudflare APO or SUCURI kinda reverse proxy. The globally distributed server will connect quickly from any point of location. Not to forget, if you are on HTTP/2 there is only single TCP connection required for multiplexing (serving multiple requests in one go). That’s a reason, why I wouldn’t recommend using / splitting resources over various hostname such as,, etc these are plain outdated approach and should be avoided whenever possible.

  • TLS - Okay, again here CF is winner. They use ECC cert that is approx 25-30% faster in TLS negotiation. I recommend using Cloudflare Origin Cert + Full Strict mode. The Origin Cert is for your server which can be installed via sysadmin / host provider. This is better than Let’s Encrypt as origin cert comes as unique for each domain and comes for 15 years validity, and it’s free. Thus, you don’t need to pay for TLS cert (SSL) any more.

  • Wait - This is the TTFB time. How much server need to wait to fulfill the request, this represents TTFB. Normally, if page is uncached / dynamic it will be slow and nothing to panic. But using APO can help in speeding TTFB by 200ms globally. But the problem is you cannot maintain cache all time without argo, so it’s recommended together.

  • Download - Now, this is the last part where browser will download the stuff and execute the code. If server by nearest PoP the Download time will be faster.

Rest, it’s a good idea to keep less possible plugins.

TLDR: Use Cloudflare APO with its plugin, Pro plan to enable one click WebP images, priority routing, also use Argo subscription for the high cache hit ratio. This is all one in one perfect solution with all latest and greatest technology.


Thanks for the reply. Currently I am testing Closte and was thinking whether it would be good to shift dns to cloudflare instead of the domain hosting company. Seems like cloudflare is better so I will shift the Dns there. Planning to use cloudflare in dns only mode. Regards